TOR is susceptible to several forms of attack that leave the user vulnerable to having their identity exposed. Most methods involve controlling multiple TOR "exit nodes," as well as some simple luck. The idea is, waiting for the victim to connect to random nodes (a normal process of the TOR network) and hoping the victim connects to two or more nodes controlled by an attacker. Under the condition that a victim is integrated into the TOR network, via two or more of an attackers nodes, an attacker has all info and means needed to ascertain the victims identity(i.e. IP address).

TOR is very safe. I think I2P is safer. I believe attacks like the one I've described have been demonstrated in the real world.